



Topic: 10 security tips for all general-purpose OS

gvkumar
Groupie
Joined: 10Sep2009
Posts: 1
Posted: 12Sep2009 at 1:53pm

10 security tips for all general-purpose OS

There are key considerations for system security that apply no matter which general-purpose operating system platform you happen to be using. You should always consider the following precautions when securing your systems against unauthorized access and unfortunate disasters:

  1. Use strong passwords. One of the simplest ways to improve security is to use a password that isn't easily guessed by brute force attacks. A brute force attack is one where the attacker uses an automated system to guess passwords as quickly as possible, hopefully finding the right password before long. Passwords that include special characters and spaces, use both capital and lowercase letters, avoid words in the dictionary, as well as numbers, are much more difficult to crack than your mother's name or your anniversary date. Remember as well that increasing the length of your password by one single character multiplies the total number of possibilities by the number of valid characters that can be used. In general, anything less than eight characters is considered far too easy to crack. Ten, 12, or even 16 is better. Just don't make it too long to remember or too difficult to type.
  2. Invest in good perimeter defense. Not all security occurs on the desktop. It's a good idea to use an external firewall/router to help protect your computer, even if you only have one computer. At the low end, you can purchase a retail router device, such as the commercial Linksys, D-Link, and Netgear routers that are available in stores such as Best Buy, Circuit City, and CompUSA. Higher up the scale, you can get managed switches, routers, and firewalls from "Enterprise" class vendors such as Cisco, Vyatta, and Foundry Networks. Starting somewhere in the middle and moving all the way up to direct competition with the major "Enterprise" class vendors, you can put together your own firewalls either "from scratch" or using prepackaged firewall/router installers such as m0n0wall and IPCop. Proxy servers, antivirus gateways, and spam filtering gateways can all contribute to stronger perimeter security as well. Remember that in general switches are better for security than hubs, routers with NAT are better than switches, and firewalls are a definite necessity.
  3. Update your software. While concerns such as patch testing before deployment to production systems may be of critical importance in many circumstances, ultimately security patches must be rolled out to your systems. Ignoring security updates for too long can result in the computers you use becoming easy targets for unscrupulous security crackers. Don't let the software installed on your computers fall too far behind the security update schedule. The same applies to any signature-based malware protection software such as antivirus applications (if your system needs them), which cannot be any more effective than the degree to which they are kept up to date with current malware signature definitions.
  4. Shut down services you don't use. Often, computer users don't even know which network accessible services are running on their systems. Telnet and FTP are common offenders that should be shut down on computers where they are not needed. Make sure you're aware of every single service running on your computer, and have a reason for it to be running. In some cases, this may require reading up on the importance of that service to your particular needs so that you don't make a mistake like shutting off the RPC service on a Microsoft Windows machine and disallow logging in, but it's always a good idea to have nothing running that you don't actually use.
  5. Employ data encryption. Varying levels of data encryption coverage are available to the security-conscious computer user or sysadmin, and choosing the right level of encryption for your needs is something that must be decided based on circumstances. Data encryption can range from use of cryptographic tools on a file-by-file basis, through filesystem encryption, up to full disk encryption. Typically, this doesn't cover the boot partition, as that would require decryption assistance from specialized hardware, but if your need for privacy is great enough to justify the expense, it's possible to get such whole-system encryption. For anything short of boot partition encryption, there are a number of solutions available for each level of encryption desired, including both commercial proprietary systems and open source systems for full disk encryption on every major desktop operating system.
  6. Protect your data with backups. One of the most important ways you can protect yourself from disaster is to back up your data. Strategies for data redundancy can range from something as simple and rudimentary as periodically saving copies to CD to complex, staggered, periodic automated backups to a server. On systems that must maintain constant uptime without loss of service, RAID can provide automatic failover redundancy in case of a disk failure. Free backup tools such as rsync and Bacula are available for putting together automated backup schemes of arbitrary complexity. Version control systems such as Subversion can provide flexible data management so that you can not only have backups on another computer, but you can keep more than one desktop or laptop system up to date with the same data without a great deal of difficulty. Using subversion in this manner saved my bacon in 2004 when my working laptop suffered a catastrophic drive failure, emphasizing the importance of regular backups of critical data.
  7. Encrypt sensitive communications. Cryptographic systems for protecting communications from eavesdroppers are surprisingly common. Software supporting OpenPGP for e-mail, the Off The Record plug-ins for IM clients, encrypted tunnel software for sustained communication using secure protocols such as SSH and SSL, and numerous other tools can be had easily to ensure that data is not compromised in transit. In person-to-person communications, of course, it can sometimes be difficult to convince the other participant to use encryption software to protect communications, but sometimes that protection is of critical importance.
  8. Don't trust foreign networks. This is especially important on open wireless networks such as at your local coffee shop. If you're careful and smart about security, there's no reason you cannot use a wireless network at a coffee shop or some other untrusted foreign network, but the key is that you have to ensure security through your own system, and not trust the foreign network to be safe from malicious security crackers. For instance, it is much more critical that you protect sensitive communications with encryption on an open wireless network, including when connecting to Web sites where you use a login session cookie to automate authentication or enter a username and password. Less obviously, make sure you don't have any network services running that are not strictly necessary, as they can be exploited if there is an unpatched vulnerability. This applies to network filesystem software such as NFS or Microsoft CIFS, SSH servers, Active Directory services, and any of a number of other possibilities. Check your systems both from the inside and the outside to determine what opportunities malicious security crackers may have to attempt to compromise your computer, and make sure those points of entry are as locked down as reasonably possible. In some respects, this is just an extension of the points about shutting down unneeded services and encrypting sensitive communications, except that in dealing with foreign networks you must be especially stingy with the services you allow to run on your system and what communications you consider "sensitive." Protecting yourself on a foreign, untrusted network may in fact require a complete reworking of your system's security profile.
  9. Get an uninterruptible power supply. You don't just want a UPS so you won't lose files if the power goes out. There are other, ultimately more important reasons, such as power conditioning and avoiding filesystem corruption. For this reason, make sure you get something that works with your operating system to notify it when it needs to shut itself down, in case you aren't home when the power goes out, and make sure you get a UPS that provides power conditioning as well as battery back-up. A surge protector simply isn't enough to protect your system against damage from "dirty" power. Remember, a UPS is key to protecting both your hardware and your data.
  10. Monitor systems for security threats and breaches. Never assume that just because you've gone through a checklist of security preparations your systems are necessarily safe from security crackers. You should always institute some kind of monitoring routine to ensure that suspicious events come to your attention quickly and allow you to follow up on what may be security breaches or threats to security. This sort of attention should not only be spent on network monitoring but also integrity auditing and/or other local system security monitoring techniques.

Other security precautions may apply depending on the specific OS you use. Some operating systems provide additional challenges to security because of design characteristics that produce a less-than-optimal security profile, and some operating systems grant the knowledgeable sysadmin capabilities for increased security that may not exist elsewhere. All of this should be kept in mind when securing your system, whether using proprietary systems such as Microsoft Windows and Apple Mac OS X or open source systems such as your favorite Linux distribution, FreeBSD, NetBSD, or even the very security-conscious OpenBSD.


IP IP Logged
johnspells
Newbie
Joined: 05May2010
Posts: 1
Posted: 06May2010 at 1:00pm
All are very good security tips that you have given. I think that they are very easy to implement also. For example, using a strong password, keeping it updated, protecting data and having backups. I follow some of them, not all, but I will do it. I use a password which is a mixture of characters, signs and numbers and change it after 15 days. I like all the tips. Good job.

davidjack23
Newbie
Joined: 05Dec2011
Posts: 1
Posted: 05Dec2011 at 10:30am
A brute force attack is one where the attacker uses an automated system to guess passwords as quickly as possible, hopefully finding the right password before long. Passwords that include special characters and spaces, use both capital and lowercase letters, avoid words in the dictionary, as well as numbers, are much more difficult to crack than your mother's name or your anniversary date.

hitman
Newbie
Joined: 06Jan2012
Posts: 1
Posted: 06Jan2012 at 12:18pm
This is a very excellent way to protect Microsoft Windows. I will absolutely put it into practice. By providing a take bermuda it really make me to comprehend it very quickly. I was just questioning if we provide this much protection it function very fast or not. It will be very employed to me. Great work done by you.

richardboss78
Senior Member
Joined: 11May2012
Posts: 1
Posted: 28May2012 at 9:51am
Dumb firewalls have their uses, and are no different than NAT when it comes to protecting, but a good host-based IPS solution goes above and beyond any firewall. I thought the article was spot on. Security isn't taken seriously enough by most people regardless of the OS.

barretjen198
Newbie
Joined: 05Jun2012
Posts: 1
Posted: 05Jun2012 at 3:39pm
Hello, there!!! I am looking for some advanced Excel tips for my upcoming Microsoft Office exam. It's an important exam for me to get a job. So any suggestion like what kind of things I should remember before starting preparation for the exam. I am following some sites for revision of Excel tips.




Edited by barretjen198 - 05Jun2012 at 3:40pm

elinejoseph85
Newbie
Joined: 26Jun2012
Posts: 1
Posted: 29Jun2012 at 9:36am
All things are really helpful to improve. Thanks for sharing.

acerstoreau
Newbie
Joined: 23Dec2013
Location: Australia
Posts: 16
Posted: 24Jun2014 at 12:50pm
Thanks for sharing these great tips with us.

sophiapana
Newbie
Joined: 16Apr2014
Posts: 35
Posted: 04Jul2014 at 8:45pm
Thank you very much for these great tips.